Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution
Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution
20 January 2026
A set of three security vulnerabilities has been disclosed in mcp-server-git, the official Git Model Context Protocol (MCP) server maintained by Anthropic, that could be exploited to read or delete arbitrary files and execute code under certain conditions.
"These flaws can be exploited through prompt injection, meaning an attacker who can influence what an AI assistant reads (a malicious README,